Hi, This is what I usually do.
Here ISPIP is the IP your ISP gave you.
COMPILE FIREWALL WITH
cd /usr/src/sys/i386/conf
cp GENERIC GATEWAY
vi GATEWAY
ident GATEWAY
#ADDED BY SSR STARTS
#TO ENABLE FIREWALL
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=0
#ID FIELDS IN IP ADDRESS TO BE RANDOM INSTEAD OF INCREMENTAL
options RANDOM_IP_ID
#NATTING
options IPDIVERT
#FOR BANDWIDTH THROTTLING
options DUMMYNET
#ADDED BY SSR ENDS
config -r GATEWAY
cd ../../compile/GATEWAY
make depend
make
make install
reboot
Edit /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet.ip.check_interface=1
net.inet.tcp.blackhole=2
net.inet.udp.blackhole=1
net.inet.tcp.log_in_vain=2
net.inet.udp.log_in_vain=1
Edit /etc/ipnat.conf
map vr0 10.0.0.1/24 -> ISPIP/32 portmap tcp/udp 10000:60000
map vr0 10.0.0.1/24 -> ISPIP/32
Edit /etc/rc.conf
gateway_enable="YES"
ifconfig_rl0="inet ISPIP netmask 255.255.255.0"
ifconfig_vr0="inet 10.0.0.1 netmask 255.255.255.0"
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_script="/etc/rc.firewall" # Which script to run to set up the firewall
firewall_type="open" # Firewall type (see /etc/rc.firewall)
firewall_flags="" # Flags passed to ipfw when type is a file
natd_program="/sbin/natd" # path to natd, if you want a different one.
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="rl0" # Public interface or IPaddress to use.
Edit /etc/ipf.rules
pass in all
pass out all
R E B O O T
Regards SSR
From: horio shoichi <[EMAIL PROTECTED]>
To: "Extech" <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: Router/Gateway
Date: Sat, 13 Dec 2003 14:31:48 +0900
On Thu, 11 Dec 2003 13:45:56 +0200
"Extech" <[EMAIL PROTECTED]> wrote:
> Hello
>
> I have looked through the archives and I have read the manual (Advanced Networking) but could not find anything specific to address my question.
>
> I want to set up a FreeBSD 5.x box as a router/gateway on a permanent connection with a fixed IP address,
> there will also be other machines with fixed IP addresses (not 192.168.x.x but proper IP's)
> on this network.
>
> something like this:
>
> To internet exchange on T1 Leased Line
> |
> |
> | dc0 (196.x.x.1)
> ---------
> FreeBSD
> router/
> gateway
> ---------
> | lr0
> |
> |
> |
> ---------
> switch/hub
> ---------
> | |
> | |
> 196.x.x.2 | | 196.x.x.3
> -------- --------
> Server 1 Server 2
> -------- --------
>
>
> Obviously I have to have two network cards in the router/gateway (dc0 and lr0),
> I assume that I will configure dc0 with my fixed IP, but what do I do with lr0?
>
> Can somebody please point me in the right direction.
>
> Thanks
> extech
>
>
> _______________________________________________
> [EMAIL PROTECTED] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>
A popular solution is for the router/gateway not to have IP addresses that belong to
the allocated global IPs, and to use a bridge configuration.
If bridging is inadequate in your case, the thing pretty much depends on the "cloud" one hop away from the dc0 interface. Describe it (modem/router, configurable/not, etc).
horio shoichi
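The rc.conf in the first reply sets firewall_type="open" and points natd at rl0. As an added example (not part of the thread), this sh script checks an rc.conf-style file for an open ruleset and for a natd_interface that has no matching ifconfig_ line. The function names and the embedded sample file are constructed for illustration.

```sh
# rc_get FILE KEY: print the last value assigned to KEY, without quotes or trailing comment.
rc_get() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# is_yes FILE KEY: succeed when KEY is set to YES (any letter case).
is_yes() {
    case "$(rc_get "$1" "$2")" in [Yy][Ee][Ss]) return 0 ;; *) return 1 ;; esac
}
warn() { echo "WARN: $*"; findings=$((findings + 1)); }

# audit_gateway FILE: print one WARN line per finding; exit status = number of findings.
audit_gateway() {
    f=$1; findings=0
    is_yes "$f" gateway_enable || warn "gateway_enable is not YES: rc will not turn on IP forwarding"
    if ! is_yes "$f" firewall_enable; then
        warn "firewall_enable is not YES: rc.firewall is not run, natd is not started"
    elif [ "$(rc_get "$f" firewall_type)" = open ]; then
        warn "firewall_type=open: rc.firewall loads a pass-everything ruleset"
    fi
    if is_yes "$f" natd_enable; then
        nif=$(rc_get "$f" natd_interface)
        case "$nif" in
            "")  warn "natd_enable=YES but natd_interface is empty" ;;
            *.*) ;;  # an IP address rather than an interface name: nothing to cross-check
            *)   [ -n "$(rc_get "$f" "ifconfig_$nif")" ] ||
                     warn "natd_interface=$nif has no ifconfig_$nif line" ;;
        esac
    fi
    return "$findings"
}

# Constructed sample: rc.conf lines from the post (ISPIP is the post's placeholder).
sample_rc_conf() { cat <<'EOF'
gateway_enable="YES"
ifconfig_rl0="inet ISPIP netmask 255.255.255.0"
ifconfig_vr0="inet 10.0.0.1 netmask 255.255.255.0"
firewall_enable="YES" # Set to YES to enable firewall functionality
firewall_type="open" # Firewall type (see /etc/rc.firewall)
natd_enable="YES" # Enable natd (if firewall_enable == YES).
natd_interface="rl0" # Public interface or IPaddress to use.
EOF
}

tmp=$(mktemp) && sample_rc_conf > "$tmp"
audit_gateway "$tmp" || echo "$? finding(s)"
rm -f "$tmp"
```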